Windows 8.1: Microsoft Bakes In BYOD Security

By Pedro Hernandez
Posted 2013-08-05

The Start button's reappearance and boot-to-desktop options aren't the only features in Windows 8.1 that Microsoft is using to lure in business users.

On the heels of the Black Hat conference in Las Vegas and the July 30 release of the business-friendly Windows 8.1 Enterprise Preview, Microsoft is touting some of the security-enhancing software components that the company is baking into the upcoming Windows 8.1 update. Now, the Redmond, Wash.-based software behemoth is turning its attention to Windows security.

Microsoft is tightening the operating system's defenses to help enterprises cope with the challenges of an ever-changing security landscape and keeping data safe in the bring-your-own-device (BYOD) era. According to Dustin Ingalls, group program manager for Windows Security and Identity, Windows 8.1 will offer administrators new protections that reach beyond corporate firewalls and address the sometimes-risky practice of accessing business data on personal devices.

"The Windows 8.1 update offers a full spectrum of new and improved security capabilities—from features that enable devices to be fully locked down by IT, to remote security options for BYOD devices, to safeguards for personal devices that need to access business resources from home," wrote Ingalls in an Aug. 2 Windows for Your Business blog post.

Among those capabilities are mechanisms that "take away the guesswork" from the Trusted Platform Module (TPM). Microsoft is leveraging TPM 2.0 chip-based security to provide advanced encryption features, including "key attestation, which allows you to ensure your private key is safely bound to hardware instead of malware, and virtual smart card management WinRT APIs to enable Windows Store apps to set up and manage virtual smart cards," Ingalls wrote.

TPM 2.0 is also an InstantGo (Connected Standby) prerequisite, thereby allowing Windows 8.1 to extend device encryption to all editions of the OS. "If the device supports InstantGo, device encryption can be automatically enabled. As InstantGo will be available on the vast majority of devices, this functionality will be pervasive throughout the enterprise," Ingalls said.

The software maker is also working toward making TPM support standard within a few short years, allowing owners of consumer devices, which generally lack TPM-capable components, to enjoy the data-protection benefits of their enterprise-grade counterparts. "We are working towards requiring TPM 2.0 on all devices by January 2015," explained Ingalls.

Windows 8.1 will make it easier to rein in corporate data with the introduction of Remote Data Removal. The tool wipes corporate data, including emails and other data from Work Folders, leaving personal data unscathed on BYOD devices.

Finally, the company is updating its free Windows Defender software to stamp out malware that flies under the radar. New behavior-monitoring technology detects "certain bad behaviors in memory, the registry or the file system—even before signatures have been created," added Ingalls.